Please, if anyone knows how to stop this with postfix and amavisd-new,
please let me know!!!
I am clueless how someone outside $mynetworks was able to do it.
Here is the log:
Dec 10 15:14:35 mail dovecot: auth(default): new auth connection:
pid=23648
Dec 10 15:14:37 mail dovecot: auth(default): new auth connection:
pid=23649
Dec 10 15:14:37 mail postfix/smtpd[23649]: connect from
165.Red-88-26-49.staticIP.rima-tde.net[88.26.49.165]
Dec 10 15:14:38 mail postfix/smtpd[23649]: NOQUEUE: filter: RCPT from
165.Red-88-26-49.staticIP.rima-tde.net[88.26.49.165]:
<atienoalice@xxxxxxxxxxxxxx>: Sender address triggers FILTER
amavisfeed:[127.0.0.1]:10024; from=<atienoalice@xxxxxxxxxxxxxx>
to=<support@xxxxxxxxxxxxxx> proto=ESMTP helo=<windowsb894c86>
Dec 10 15:14:39 mail postfix/smtpd[23649]: 985869EAA9:
client=165.Red-88-26-49.staticIP.rima-tde.net[88.26.49.165]
Dec 10 15:14:40 mail postfix/cleanup[23653]: 985869EAA9:
message-id=<001501ca79dd$cc8a4ef0$7f000001@windowsb894c86>
Dec 10 15:14:40 mail postfix/qmgr[2538]: 985869EAA9:
from=<atienoalice@xxxxxxxxxxxxxx>, size=917, nrcpt=1 (queue active)
Dec 10 15:14:40 mail postfix/smtpd[23649]: disconnect from
165.Red-88-26-49.staticIP.rima-tde.net[88.26.49.165]
Dec 10 15:14:41 mail dovecot: auth(default): new auth connection:
pid=23658
Dec 10 15:14:41 mail postfix/smtpd[23658]: connect from
localhost.localdomain[127.0.0.1]
Dec 10 15:14:41 mail postfix/smtpd[23658]: 3D8869EAAC:
client=165.Red-88-26-49.staticIP.rima-tde.net[88.26.49.165]
Dec 10 15:14:41 mail postfix/cleanup[23653]: 3D8869EAAC:
message-id=<001501ca79dd$cc8a4ef0$7f000001@windowsb894c86>
Dec 10 15:14:41 mail postfix/smtpd[23658]: disconnect from
localhost.localdomain[127.0.0.1]
Dec 10 15:14:41 mail postfix/qmgr[2538]: 3D8869EAAC:
from=<atienoalice@xxxxxxxxxxxxxx>, size=2621, nrcpt=1 (queue active)
Dec 10 15:14:41 mail postfix/smtp[23654]: 985869EAA9:
to=<support@xxxxxxxxxxxxxx>, relay=127.0.0.1[127.0.0.1]:10024,
delay=3.4, delays=2.1/0.02/0.01/1.3, dsn=2.0.0, status=sent (250 2.0.0
Ok, id=22280-12, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
3D8869EAAC)
Dec 10 15:14:41 mail postfix/qmgr[2538]: 985869EAA9: removed
Dec 10 15:14:41 mail spamd[2472]: spamd: connection from
localhost.localdomain [127.0.0.1] at port 33537
Dec 10 15:14:41 mail spamd[2472]: spamd: setuid to kevin succeeded
Dec 10 15:14:41 mail spamd[2472]: spamd: processing message
<001501ca79dd$cc8a4ef0$7f000001@windowsb894c86> for kevin:502
Dec 10 15:14:42 mail spamd[2472]: spamd: clean message (-98.2/5.0) for
kevin:502 in 1.2 seconds, 2731 bytes.
Dec 10 15:14:42 mail spamd[2472]: spamd: result: . -98 -
BAYES_50,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,STOX_REPLY_TYPE,USER_IN_WHITELIST
scantime=1.2,size=2731,user=kevin,uid=502,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33537,mid=<001501ca79dd$cc8a4ef0$7f000001@windowsb894c86>,bayes=0.499810,autolearn=no
Dec 10 15:14:42 mail spamd[2460]: prefork: child states: II
Dec 10 15:14:43 mail postfix/local[23659]: 3D8869EAAC:
to=<kevin@xxxxxxxxxxxxxx>, orig_to=<support@xxxxxxxxxxxxxx>,
relay=local, delay=1.8, delays=0.47/0.01/0/1.3, dsn=2.0.0, status=sent
(delivered to command: /usr/bin/procmail)
Dec 10 15:14:43 mail postfix/qmgr[2538]: 3D8869EAAC: removed

The amavisd-new log just shows that it was passed. The IP address
88.26.49.165 is not in $mynetworks and I am confused how it allowed it
to send. I really don't want any more email going out of my server as
spam. Also, I don't have a user with the atienoalice@xxxxxxxxxxxxxx email
address.

These are the message headers:
Start of headers --
From - Thu Dec 10 15:18:06 2009
X-Account-Key: account2
X-UIDL: 000070314a016525
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <atienoalice@xxxxxxxxxxxxxx>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
    mail.kevinslair.com
X-Spam-Level:
X-Spam-Status: No, score=-98.2 required=5.0 tests=BAYES_50,RCVD_IN_PBL,
    RCVD_IN_SORBS_DUL,STOX_REPLY_TYPE,USER_IN_WHITELIST autolearn=no
    version=3.2.5
X-Original-To: support@xxxxxxxxxxxxxx
Delivered-To: support@xxxxxxxxxxxxxx
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.kevinslair.com (Postfix) with ESMTP id 3D8869EAAC
    for <support@xxxxxxxxxxxxxx>; Thu, 10 Dec 2009 15:14:41 -0500 (EST)
X-Amavis-Modified: Mail body modified (using disclaimer) -
    mail.kevinslair.com
X-Virus-Scanned: amavisd-new at kevinslair.com
Received: from mail.kevinslair.com ([127.0.0.1])
    by localhost (mail.kevinslair.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id cMKr6GHgfe-F for <support@xxxxxxxxxxxxxx>;
    Thu, 10 Dec 2009 15:14:40 -0500 (EST)
Received: from windowsb894c86 (165.Red-88-26-49.staticIP.rima-tde.net
    [88.26.49.165])
    by mail.kevinslair.com (Postfix) with ESMTP id 985869EAA9
    for <support@xxxxxxxxxxxxxx>; Thu, 10 Dec 2009 15:14:38 -0500 (EST)
Message-ID: <001501ca79dd$cc8a4ef0$7f000001@windowsb894c86>
From: "Atieno Alice" <atienoalice@xxxxxxxxxxxxxx>
To: <support@xxxxxxxxxxxxxx>
Subject: First class male desire promotion, Heat up your intimating
Date: Thu, 10 Dec 2009 21:14:36 +0100
MIME-Version: 1.0
Content-Type: text/plain;
    format=flowed;
    charset="koi8-r";
    reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Spam: Not detected
X-Mras: Ok
Bring harmony in your night in-outs, Bone-on to be prolonged.
http://profiles.yahoo.com/blog/CKQKWB7FSAAT4LWZ7UQGKDUGUA
END of headers --
Please, someone help!!!!
Thanks,
Kevin
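
An added example, not part of the original post: it correlates Postfix queue IDs in log lines like the ones above and labels each final delivery from a client outside mynetworks as "inbound" (handed to a local delivery agent) or "relayed" (sent on to a remote host). The MYNETWORKS value, the set of local transports and the A1B2C3D4E5 log entries are assumptions constructed for the example.

```python
import ipaddress
import re

# Assumptions: the post does not list $mynetworks or the configured transports.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
LOCAL_TRANSPORTS = {"local", "virtual"}  # agents that deliver to local mailboxes

# Constructed sample: the first four entries come from the post (unwrapped,
# trimmed); the A1B2C3D4E5 entries are invented to show a real relay.
SAMPLE_LOG = """\
Dec 10 15:14:39 mail postfix/smtpd[23649]: 985869EAA9: client=165.Red-88-26-49.staticIP.rima-tde.net[88.26.49.165]
Dec 10 15:14:41 mail postfix/smtpd[23658]: 3D8869EAAC: client=165.Red-88-26-49.staticIP.rima-tde.net[88.26.49.165]
Dec 10 15:14:41 mail postfix/smtp[23654]: 985869EAA9: to=<support@xxxxxxxxxxxxxx>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3D8869EAAC)
Dec 10 15:14:43 mail postfix/local[23659]: 3D8869EAAC: to=<kevin@xxxxxxxxxxxxxx>, orig_to=<support@xxxxxxxxxxxxxx>, relay=local, delay=1.8, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Dec 10 16:00:01 mail postfix/smtpd[30001]: A1B2C3D4E5: client=host.example.net[192.0.2.7]
Dec 10 16:00:02 mail postfix/smtp[30002]: A1B2C3D4E5: to=<user@example.org>, relay=mx.example.org[198.51.100.25]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)")
CLIENT = re.compile(r"client=\S*\[([0-9a-fA-F.:]+)\]")
DELIVERY = re.compile(r"to=<([^>]*)>.*?relay=([^,\[]+)(?:\[([^\]]+)\])?.*status=sent")


def classify(log_text):
    """Return {queue_id: (client_ip, recipient, verdict)} for each final delivery."""
    clients, results = {}, {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if c := CLIENT.match(rest):
            clients[qid] = ipaddress.ip_address(c.group(1))
        elif d := DELIVERY.match(rest):
            rcpt, relay, relay_ip = d.groups()
            if relay_ip and ipaddress.ip_address(relay_ip).is_loopback:
                continue  # hand-off to the content filter, not a final delivery
            client = clients.get(qid)
            if client is None or any(client in net for net in MYNETWORKS):
                verdict = "trusted-origin"  # in mynetworks or submitted locally
            elif relay in LOCAL_TRANSPORTS:
                verdict = "inbound"   # outside client, local mailbox: incoming mail
            else:
                verdict = "relayed"   # outside client, remote next hop: relay symptom
            results[qid] = (str(client), rcpt, verdict)
    return results

if __name__ == "__main__":
    for qid, row in classify(SAMPLE_LOG).items():
        print(qid, *row)
```
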